# Changelog

## v0.2.0 (2026-06-05)

- Precompiled artifact added for `aarch64-apple-darwin` (Apple Silicon
  Macs). M-series dev machines now pull a prebuilt NIF — no
  `SVG_SANITIZER_BUILD=1` and no local Rust toolchain required.
- Intel Macs (`x86_64-apple-darwin`) remain source-only for now; those
  devs still set `SVG_SANITIZER_BUILD=1`.
- No changes to the NIF behavior or the `svg-hush` version; this is a
  packaging-only release.

## v0.1.0 (2026-05-28)

Initial release. Thin precompiled NIF wrapping Cloudflare's `svg-hush`
Rust crate (v0.9).

- `SvgSanitizer.sanitize/1` strips `<script>`, event handlers, foreign
  objects, external references, and javascript:/data: URL vectors.
  Embedded raster data URLs (PNG/JPEG/GIF/WebP) are preserved.
- Returns `{:ok, binary}` or `{:error, reason}` where `reason` is one of
  `:invalid_input | :input_too_large | :parse_error | :panic | :alloc_failed`
  — all atoms, no internal-state leaks. See `t:SvgSanitizer.reason/0`.
- Runs on a DirtyCpu scheduler.
- Rust panics are caught and surfaced as `{:error, :panic}` rather than
  bringing down the BEAM node. (Stack overflow on the dirty NIF thread is
  not catchable — svg-hush's iterative parser keeps stack usage bounded.)
- Inputs over 5 MB are rejected with `{:error, :input_too_large}` at both
  the Elixir wrapper and the NIF boundary (defense in depth).
- Non-binary input returns `{:error, :invalid_input}` instead of raising.
- Precompiled artifacts published for `aarch64-unknown-linux-gnu` and
  `x86_64-unknown-linux-gnu`. macOS targets deferred (the
  `rustler-precompiled-action` mishandles `cross` on Apple Silicon);
  Mac users build from source with `SVG_SANITIZER_BUILD=1`.
- Requires OTP 26+ (NIF 2.17); earlier NIF versions added on demand.